Fortinet warns of four money making malware in 2013

Written By Unknown on Tuesday 26 February 2013 | 02:07










Arrow Prev Arrow Next

Fortinet Tuesday warned Internet users of four four typical methods used by cyber criminals to extract money from their victims.
The threats have been found in Fortinet's FortiGuard threat landscape, which was conducted from October 1 to December 31, 2012.



Fortinet announced in its press release that the report showed increasing activity in mobile malware variants of the Android Plankton ad kit as well as in hacktivist Web server vulnerability scanning.



In the last three months, FortiGuard Labs has identified four pieces of malware that sharply increased, showing high levels of activity within a very short period of time (from a day to a week).



Fortinet cited the following examples to reflect four typical methods cyber criminals are using today to monetize their malware:



1. Simda.B: This sophisticated malware poses as a Flash update in order to trick users into granting their full installation rights. Once installed, the malware steals the user's passwords, allowing cybercriminals to infiltrate a victim's email and social networking accounts to spread spam or malware, access Website admin accounts for hosting malicious sites and siphon money from online payment system accounts.



2. FakeAlert.D: This fake antivirus malware notifies users via a convincing-looking pop-up window that their computer has been infected with viruses, and that, for a fee, the fake antivirus software will remove the viruses from the victim's computer.



3. Ransom.BE78: This is ransomware, a frustrating piece of malware that prevents users from accessing their personal data. Typically the infection either prevents a user's machine from booting or encrypts data on the victim's machine and then demands payment for the key to decrypt it. The main difference between ransomware and fake antivirus is that ransomware does not give the victim a choice regarding installation. Ransomware installs itself on a user's machine automatically and then demands payment to be removed from the system.



4. Zbot.ANQ: This Trojan is the "client-side" component of a version of the infamous Zeus crime-kit. It intercepts a user's online bank login attempts and then uses social engineering to trick them into installing a mobile component of the malware on their smartphones. Once the mobile element is in place, cybercriminals can then intercept bank confirmation SMS messages and subsequently transfer funds to a money mule's account.



Guillaume Lovet, senior manager of FortiGuard Labs' Threat Response Team said cybercriminals today seem to be more open and confrontational in their demands for money.



"Now it's not just about silently swiping passwords, it's also about bullying infected users into paying. The basic steps users can take to protect themselves, however, have not changed. They should continue to have security solutions installed on their computers, update their software diligently with the latest versions and patches, run regular scans and exercise common sense," Lovet said.



In the last threat landscape report, FortiGuard Labs detected a surge in the distribution of the Android Plankton ad kit. This particular piece of malware embeds a common toolset on a user's android device that serves unwanted advertisements in the user's status bar, tracks the user's International Mobile Equipment Identity (IMEI) number and drops icons on the device's desktop.



In the last three months, the kit's activity plunged. In its place, FortiGuard Labs has detected the rise of ad kits that appear to be directly inspired by Plankton and have approached the same elevated activity level Plankton was operating at three months ago.



"The ad kits we've monitored suggest that Plankton's authors are trying to dodge detection. Either that, or competing ad kit developers are trying to take a piece of the lucrative adware cake. Either way, the level of activity we're seeing with ad kits today suggests that Android users are highly targeted and thus should be especially vigilant when downloading apps to their smartphones," said Lovet.



Lovet said users can protect themselves by paying close attention to the rights asked by an application at the point of installation. It is also recommended to download mobile applications that have been highly rated and reviewed.



In the third quarter of 2012, FortiGuard Labs detected high activity levels of ZmEu, a tool that was developed by Romanian hackers to scan Web servers running vulnerable versions of the mySQL administration software (phpMyAdmin) in order to take control of those servers. Since September, the activity level has risen a full nine times before finally levelling off in December.



"This activity spike suggests a heightened interest by hacktivist groups to facilitate various protests and activist movements around the world. We expect such scanning activity to remain high as hacktivists pursue an ever-increasing number of causes and publicise their successes," Lovet added.







Latest stories in this category


    Fortinet warns of four money making malware in 2013
  • Fortinet warns of four money making malware in 2013

  • Fortinet Tuesday warned Internet users of four..

  • M2M takes centre stage at Mobile World Congress in..

  • SMEs to fuel cloud computing



We Recommend


    Forget the independent candidates
  • Forget the independent candidates

  • Residents should remember which side set the city..

  • Riding Bangkok's waves

  • Yingluck agrees Bangkok race much tighter than..




Comments conditions


Users are solely responsible for their comments.We reserve the right to remove any comment and revoke posting rights for any reason withou prior notice.






Article source: http://www.thethailandlinks.com/2013/02/26/fortinet-warns-of-four-money-making-malware-in-2013/
Posted by Unknown at 02:07

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)